CVE-2016-15022

Name of the Vulnerable Software and Affected Versions mosbth cimage versions up to 0.7.18

Description A vulnerability was found in mosbth cimage, affecting an unknown functionality of the file check system.php. The manipulation of the argument $ SERVER['SERVER SOFTWARE'] leads to cross site scripting. The attack can be launched remotely. The complexity of an attack is rather high, and the exploitation appears to be difficult. Upgrading to version 0.7.19 is able to address this issue.

Recommendations To resolve the issue, upgrade to version 0.7.19. As a temporary workaround, consider restricting access to the check system.php file until the upgrade is applied. Additionally, be cautious when using the $ SERVER['SERVER SOFTWARE'] argument to minimize the risk of exploitation.